Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/M3siOD9_T8WjnfUJwm5ICxCrSAo.roa
File:                     M3siOD9_T8WjnfUJwm5ICxCrSAo.roa (raw, json)
Hash identifier:          78CDhHXCRkr6/249OxeuovZ/zA7xOHwPiNZ69+yZbJY=
Subject key identifier:   33:7B:22:38:3F:7F:4F:C5:A3:9D:F5:09:C2:6E:48:0B:10:AB:48:0A
Certificate issuer:       /CN=78dc3c6ab4afba864ba0d4fdb09e6f0eb06f43fa
Certificate serial:       018CC2DAB627D44FA5D017F9B6908A47D703
Authority key identifier: 78:DC:3C:6A:B4:AF:BA:86:4B:A0:D4:FD:B0:9E:6F:0E:B0:6F:43:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/M3siOD9_T8WjnfUJwm5ICxCrSAo.roa
Signing time:             Mon 01 Jan 2024 02:29:22 +0000
ROA not before:           Mon 01 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49432
IP address blocks:        185.210.224.0/24 maxlen: 24
                          2a0b:5cc0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b6:27:d4:4f:a5:d0:17:f9:b6:90:8a:47:d7:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78dc3c6ab4afba864ba0d4fdb09e6f0eb06f43fa
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=337b22383f7f4fc5a39df509c26e480b10ab480a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:af:b9:11:10:36:e0:29:00:93:ed:ac:83:4f:
                    97:00:fd:40:50:20:c5:0f:38:86:cc:0e:06:15:9c:
                    8a:3a:e3:ba:ae:63:d0:88:80:ff:d4:f7:38:b1:bf:
                    36:ef:47:fd:f7:23:cd:51:5f:a8:8e:14:78:01:e4:
                    04:a7:dd:91:39:c3:71:6b:7a:1a:d3:8e:9a:7e:c3:
                    6a:5d:5a:1a:d2:40:64:92:4f:28:ae:cb:1a:65:70:
                    75:2b:75:b5:b1:90:b9:aa:76:79:c2:98:a0:0a:a8:
                    fc:1f:ee:fb:3a:e8:d7:1f:e2:96:7e:f2:19:84:6a:
                    77:b4:82:da:3f:35:9a:ba:6d:fa:2f:21:85:89:15:
                    18:14:54:a0:90:4a:9f:84:3e:61:f4:af:82:b1:f9:
                    26:fc:d2:9e:b4:ab:e0:0d:99:28:f3:bd:b0:5c:6c:
                    e8:4e:ee:18:b4:0c:7e:43:96:da:70:72:b7:d4:fb:
                    9c:fa:93:af:2e:3e:17:38:76:de:5e:c9:41:11:e3:
                    30:c8:96:59:17:0e:d0:62:de:74:48:83:a8:45:21:
                    51:f1:31:5c:7f:ec:97:8e:70:6e:92:5c:3f:28:32:
                    c2:c7:ec:cc:b9:2a:10:ad:47:2e:8b:1d:30:5a:a5:
                    6b:eb:46:5b:ad:95:b9:5c:51:cc:64:ba:e4:5d:52:
                    1f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:7B:22:38:3F:7F:4F:C5:A3:9D:F5:09:C2:6E:48:0B:10:AB:48:0A
            X509v3 Authority Key Identifier:
                keyid:78:DC:3C:6A:B4:AF:BA:86:4B:A0:D4:FD:B0:9E:6F:0E:B0:6F:43:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/M3siOD9_T8WjnfUJwm5ICxCrSAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.224.0/24
                IPv6:
                  2a0b:5cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:0e:fd:2b:80:af:76:d7:19:f5:7c:75:f7:ad:47:9f:ae:87:
         90:5e:28:48:75:ce:b8:53:04:b9:6a:5c:24:37:68:a5:71:38:
         a4:6d:12:f6:c0:ef:b3:77:4a:61:f1:d3:35:a5:3f:3f:9c:09:
         43:d5:bb:e3:e5:3b:d4:e4:97:f8:75:af:6e:99:5d:f9:e6:dd:
         04:7e:89:49:9b:b3:13:dc:a8:e1:32:11:46:06:cc:72:cf:9f:
         af:52:35:63:bb:1a:ea:8b:1f:3e:92:f1:58:70:33:58:ca:2b:
         f9:01:63:8a:3e:0d:d3:b5:f3:e2:d9:2b:bf:6e:19:19:2f:ca:
         2f:2f:2f:19:7b:69:8c:c9:e3:7c:c8:b9:f7:e3:e5:07:f8:21:
         cb:ba:ef:c0:5b:f2:f0:09:0b:48:af:9b:f3:ee:80:5e:55:75:
         cb:b9:0f:ec:93:51:75:16:a5:9a:58:8c:de:2b:2c:2e:8c:82:
         09:d1:1f:bf:c1:48:5e:8b:d9:31:4d:c3:af:c7:96:34:17:29:
         e8:35:49:59:17:41:0d:10:07:1d:da:f5:3c:01:18:ef:19:15:
         55:f1:35:61:69:af:88:88:78:74:87:4f:17:14:7a:f9:fd:61:
         ef:c9:f8:bc:89:67:3f:36:7f:94:1a:c8:d9:47:54:ba:33:7f:
         20:26:ae:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2rYn1E+l0Bf5tpCKR9cDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZGMzYzZhYjRhZmJhODY0YmEwZDRmZGIwOWU2ZjBlYjA2
ZjQzZmEwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzdiMjIzODNmN2Y0ZmM1YTM5ZGY1MDljMjZlNDgwYjEwYWI0ODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6+5ERA24CkAk+2sg0+XAP1AUCDF
DziGzA4GFZyKOuO6rmPQiID/1Pc4sb8270f99yPNUV+ojhR4AeQEp92ROcNxa3oa
046afsNqXVoa0kBkkk8orssaZXB1K3W1sZC5qnZ5wpigCqj8H+77OujXH+KWfvIZ
hGp3tILaPzWaum36LyGFiRUYFFSgkEqfhD5h9K+Csfkm/NKetKvgDZko872wXGzo
Tu4YtAx+Q5bacHK31Puc+pOvLj4XOHbeXslBEeMwyJZZFw7QYt50SIOoRSFR8TFc
f+yXjnBuklw/KDLCx+zMuSoQrUcuix0wWqVr60ZbrZW5XFHMZLrkXVIfuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDN7Ijg/f0/Fo531CcJuSAsQq0gKMB8GA1UdIwQY
MBaAFHjcPGq0r7qGS6DU/bCebw6wb0P6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU53OGFyU3Z1b1pMb05UOXNKNXZEckJ2UV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81NGY2YTItMTBkMS00MTk1LTk1YmMt
OWVlNzY1ODNjNzFhLzEvTTNzaU9EOV9UOFdqbmZVSndtNUlDeENyU0FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81NGY2YTItMTBkMS00MTk1LTk1YmMtOWVlNzY1ODNjNzFh
LzEvZU53OGFyU3Z1b1pMb05UOXNKNXZEckJ2UV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudLgMA0E
AgACMAcDBQMqC1zAMA0GCSqGSIb3DQEBCwUAA4IBAQCADv0rgK921xn1fHX3rUef
roeQXihIdc64UwS5alwkN2ilcTikbRL2wO+zd0ph8dM1pT8/nAlD1bvj5TvU5Jf4
da9umV355t0EfolJm7MT3KjhMhFGBsxyz5+vUjVjuxrqix8+kvFYcDNYyiv5AWOK
Pg3TtfPi2Su/bhkZL8ovLy8Ze2mMyeN8yLn34+UH+CHLuu/AW/LwCQtIr5vz7oBe
VXXLuQ/sk1F1FqWaWIzeKywujIIJ0R+/wUhei9kxTcOvx5Y0FynoNUlZF0ENEAcd
2vU8ARjvGRVV8TVhaa+IiHh0h08XFHr5/WHvyfi8iWc/Nn+UGsjZR1S6M38gJq4S
-----END CERTIFICATE-----